{"id":28041,"date":"2019-07-26T11:00:00","date_gmt":"2019-07-26T11:00:00","guid":{"rendered":"https:\/\/www.darkreading.com\/edge\/theedge\/what-every-security-team-should-know-about-internet-threats\/b\/d-id\/1335180"},"modified":"2019-07-26T11:00:00","modified_gmt":"2019-07-26T11:00:00","slug":"what-every-security-team-should-know-about-internet-threats","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/what-every-security-team-should-know-about-internet-threats\/","title":{"rendered":"What Every Security Team Should Know About Internet Threats"},"content":{"rendered":"
\n<\/header>\n

Of particular interest for cybercriminals is the Domain Name System, which plays a central role in orchestrating all Internet and application traffic.<\/span> <\/p>\n

<\/a><\/div>\n

Security teams are laser-focused on protecting the crown jewels. And while they are pretty good at evaluating the security within their own environments, the outside world can be tougher, with new and emerging threats from the broader Internet born every day.<\/p>\n

In fact, crimes from the Internet are on the rise, according to the FBI’s “2018 IC3 Annual Report<\/a>.” The report found that Internet-enabled theft, fraud, and exploitation not only remain pervasive, but also were responsible for a whopping $2.7 billion in financial losses last year.<\/p>\n

Of particular interest for cybercriminals is the Domain Name System (DNS), which plays a central role in orchestrating all Internet and application traffic. Threats and attacks against it are growing in frequency, with a recent example being the attack<\/a> on secure, cloud-based messaging app Telegram.<\/p>\n

Ultimately, it is up to enterprises to implement the necessary best practices to protect their networks and end users, according to Brian Zeman, COO of NS1. But first they need to better understand the landscape.<\/p>\n

DNS: A Vehicle for Phishing<\/strong>
DNS is the fundamental vehicle used in phishing attacks, according to Paul Griswold, executive director, product management & strategy, X-Force threat management at IBM Security. As such, when organizations accept the DNS that comes from their Internet service providers, they should realize it isn’t always “clean,” he says.<\/p>\n

“A lot of times it\u2019s something people just don’t think about. DNS is there. It’s provided by the ISP, and there’s not necessarily thought [about] all the different ramifications that can come from that,” Griswold said.<\/p>\n

Companies that aren’t paying attention to their domain assets are more likely to see security risks, adds Mike Bittner, digital security and operations manager at The Media Trust.<\/p>\n

“Not enough companies are fully managing their domain registries and, in some cases, even letting them go parse,” he says. “That’s where a lot of DNS attacks begin. They are repurchased, and the domain is used to actually compromise the DNS servers.”<\/p>\n

Vulnerable Web Applications<\/strong>
While security pros tend to first think about phishing or DNS attacks as the most prevalent threats originating from the Internet, other, less obvious threats come from vulnerable Web applications, Bittner says.<\/p>\n

“It’s the fact that security is not being implemented with an internal application, and the lack of security in Web applications is at the root of this problem,” he says.<\/p>\n

Threats that originate from the Internet are compounded by the proliferation of devices connected to it. Every connected device is another attack vector for malicious actors, not to mention that Web applications are all too frequently given to users with a litany of vulnerabilities, Bittner says.<\/p>\n

Additionally, drive-by downloads \u2013 malware that is downloaded from compromised websites \u2013 are occurring more frequently via JavaScript not only in third-party code, but through malicious websites. Victims have nothing more to do than navigate to a seemingly clean site that has been compromised. Without even clicking, they are automatically redirected to a ransomware site, Bittner explains.<\/p>\n

“Your employees are on these sites, too,” he says. “This is happening in your network. If your home page is delivering JavaScript that eventually causes a drive-by download and you’ve got BYOD policies, that’s a phone on your network that has incurred another download.”  <\/p>\n

Some Preventative Measures<\/strong>
According to the “IDC 2019 Global DNS Threat Report<\/a>,” commissioned by EfficientIP, three in five organizations suffered application downtime and one-quarter experienced business downtime. In order to maintain business continuity and avoid the hefty price tag associated with brand damage, organizations are well-advised to implement security measures to protect against attacks from the Internet.<\/p>\n

“Organizations need to deploy threat intelligence, brought from advanced DNS analytics, to enhance the ability to detect infected devices and malicious behaviors,” says David Williamson, CEO of EfficientIP. “Threat intelligence is an essential tool for timely attack prevention across the network, as well as for protecting data confidentiality.”<\/p>\n

In addition, redundancy ensures that if one network falls under duress, another will subsume the queries for both of them. That ensures no query goes unanswered, according to NS1’s Zeman.<\/p>\n

“It is important to have redundancy at every level of a server infrastructure, including the DNS host,” Zeman says. “Deploy a secondary DNS network.”<\/p>\n

Zeman also recommends taking the following precautionary steps to protect the enterprise against threats from the broader Internet:<\/p>\n